Week 33 In Review – 2014

DEFCON 22: The Con That Keeps on Giving – lunalindsey.com
Luna Lindsey is redefining the conference experience. She had an amazing time this year, as always. But as a neophile, she craves new experiences.

Def Con: the ‘Olympics of hacking’ – www.ft.com
Welcome to Def Con, the Olympics of hacking, where for 21 years computer hackers have been gathering to compete, share their knowledge and, perhaps most of all, meet like-minded people in the real, offline world. A festival atmosphere fills the hallways as delegates greet old friends, addressing each other by online nicknames.

Resources

Get STIX Reports from ICS Honeypot Conpot – honeynet.org
The team working on the ICS/SCADA honeypot Conpot just merged more mature support for STIX (Structured Threat Information eXpression) formatted reporting via TAXII (Trusted Automated eXchange of Indicator Information) into the master branch on GitHub.

DEFCON 22 Badge Challenge – potatohatsecurity.tumblr.com
Jason, Brett, and Jon recently went to DEFCON and completed the Badge Challenge put together by 1o57. Here is the entire adventure as they experienced it with all of the puzzles, their solutions, and the steps to solve them.

DEFCON 22 Badge Contest – elegin.com
This writeup is not for the weak of heart or the ill of will. It is for those who nestle in a bed of crazy and snuggle with a layer of insane.

Files included on the DEFCON 22 CD – soldieroffortran.org
Here is the description and story behind each of the files included on the DEFCON 22 CD. Usage examples and descriptions are included as well as some background. Each section contains a download link to that specific file.

Soldier of Fortran – mainframed767.tumblr.com
Talkin’ about mainframe security, links to articles and general items. Brought to you by COBOL on COGS.

Sysmon v1.0 – technet.microsoft.com
Sysinternals Sysmon is available now. System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log.

ZigTools: An Open Source 802.15.4 Framework – github.com
ZigTools is a Python framework developed to reduce the complexity of writing additional functionality for communicating with a Freakduino (a low-cost Arduino-based 802.15.4 platform). You can download it from here.

SamuraiSTFU – samuraistfu.org
The home of the Samurai Project’s Security Testing Framework for Utilities (SamuraiSTFU). Download the latest release here.

Techniques

Intercepting Native iOS Application Traffic – netspi.com
In this blog, you will go through proxying an iOS application which uses native web sockets to interact with a web server. The blog will help penetration testers who are trying to intercept sensitive data that is being sent by an iOS application in a non-trivial manner over the network because some applications do not respect the iOS proxy settings.

Scan the Internet & Screenshot All the Things – w00tsec.blogspot.com
Internet scanning isn’t new anymore and people are still surprised with these results. For this post, Bernardo Rodrigues will share some techniques he commonly uses to map and screenshot several Internet services during pentest engagements.

NSA/GCHQ: The HACIENDA Program for Internet Colonization – www.heise.de
In this article, Julian Kirsch along with the team will describe a new port knocking variant that uses the nation-state adversary model, and thus offers some protections against the HACIENDA program, thereby possibly stopping the spy agencies at the reconnaissance stage.

Other News

The lie behind 1.2 billion stolen passwords – youarenotpayingattention.com
Earlier this week, Alex Holden of Hold Security announced to the NYT that he had discovered Russian hackers had stolen over 4 billion usernames and passwords. After running a duplication check, that narrowed to 1.2 billion and, while not often reported, that list was further whittled down to around 500 million individual users via unique email addresses.

Meet the Puzzle Mastermind Who Designs Def Con’s Hackable Badges – www.wired.com
Def Con is one of the world’s biggest hacker conventions where security experts come to Las Vegas to learn about the latest computer vulnerabilities and exploits, show off their skills, and hack or crack anything that can be hacked and cracked—including the conference badges.

What caused today’s Internet hiccup – www.bgpmon.net
You may have noticed some instability and general sluggishness on the Internet this week. In this post BGPmon will take a closer look at what happened, including some of the BGP details!
